Android Media Framework Flaw Could Get Phones Hacked By Playing Malicious Video

Rampage attack

Most smartphone users love to watch innocent videos of babies, pets, and other cute moments. Interestingly, the hackers also like to share videos with you. However, they also wish to have your phone’s access in return. Reportedly, hackers could exploit an Android Media Framework flaw to gain access to your phone simply by playing a malicious video.

Android Media Framework Flaw

A researcher has recently disclosed the exploit for an Android Media Framework flaw. As revealed, a critical remote code execution vulnerability (CVE-2019-2107) affected the Android systems. Exploiting the flaw could let an attacker take control of the device.

To exploit the flaw, an attacker could merely send a maliciously crafted video to the target device. A German developer, Marcin Kozlowski, has shared a proof-of-concept on GitHub demonstrating the attack. As stated by Kozlowski,

With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly “crafted” video (with tiles enabled – ps_pps->i1_tiles_enabled_flag) you can possibly do RCE.

However, the attack may not work if the video reaches the victim’s device via an IM app like WhatsApp. Nor the video would exploit the flaw if reached through Facebook Messenger or Twitter, or even played via YouTube. It is because these services generally re-encode media files or compress videos. This, in turn, garbles the malicious code embedded within the video.

New Android Devices Vulnerable

Fortunately, Google has already patched the vulnerability. It rolled-out the fix with the Android July updates released earlier this month.

Google deemed this vulnerability as ‘critical’ that affected Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. Describing the flaw in Android Media Framework, Google stated,

The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

While the fix is already out, users must ensure to keep their devices updated to avoid any such attacks since the exploit is also now publicly available. Additionally one should make sure to avoid playing videos from untrusted sources to stay protected.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients